Configuring SNMP on a Cisco Router

The configuration of SNMP on Cisco devices is fairly straightforward, and is handled from global configuration mode. For the purpose of this illustration, I’m going to assume that we’re using a Cisco 2500 router.

The command to enable SNMP on the router is snmp community, followed by the community name. This command also allows you to configure the SNMP agent as read only or for both read and write access. If not specified, the agent will be configured as read only by default. In this case, we’ll set the community name to public, allowing both read and write access. This will allow an NMS to both configure and gather information from our managed device. SNMP settings are configured from global configuration mode.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp ?
chassis-id String to uniquely identify this chassis
community Enable SNMP; set community string and access privs
contact Text for mib object sysContact
enable Enable SNMP Traps or Informs
host Specify hosts to receive SNMP notificationbs
location Text for mib object sysLocation
packetsize Largest SNMP packet size
queue-length Message queue length for each TRAP host
system-shutdown Enable use of the SNMP reload command
tftp-server-list Limit TFTP servers used via SNMP
trap-source Assign an interface for the source address of all traps
trap-timeout Set timeout for TRAP message retransmissions
view Define an SNMPv2 MIB view

Router(config)#snmp community public ?
<1-99> Std IP accesslist allowing access with this community string
<1300-1999> Expanded IP accesslist allowing access with this community
string
ro Read-only access with this community string
rw Read-write access with this community string
view Restrict this community to a named MIB view
<cr>

Router(config)#snmp community public rw

Now that the router has been configured with a community name, SNMP is enabled. An NMS could now gather information from this managed device with Get commands.

Our next step is configuring our agent with the address of an NMS, such that it knows where to forward trap messages when errors occur, or once defined thresholds are exceeded. The first step involves enabling the agent to send traps using the snmp-server enable traps command. The next step is supplying the address of the NMS that will receive these traps, using the smnp-server host command.

Router(config)#snmp-server enable traps
Router(config)#snmp-server host 192.168.1.21 ?
WORD SNMP community string
informs Send Inform messages to this host
traps Send Trap messages to this host
version SNMP version to use for notification messages

Router(config)#snmp-server host 192.168.1.21 public
For the purpose of equipment identification, it is always a good idea to also configure SNMP agents with contact and location information, as shown below.
Router(config)#snmp contact Dan
Router(config)#snmp location Toronto Location A, Main Server Room

To view SNMP statistics for a given system, use the show snmp command.

Router#show snmp
Chassis: 02265778
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
2 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
2 Trap PDUs

SNMP logging: enabled
Logging to 192.168.1.21.162, 0/10, 2 sent, 0 dropped.

Notice that the logging option at the end of the show snmp command output shows what appears to be an invalid IP address. In this case, the trailing “162” represents the UDP port number to which trap messages will be sent on the NMS. Like all configuration information, the SNMP settings on a router can be viewed using the show run command. A truncated version of the output is displayed below.

Router#show run
Building configuration...

Current configuration:
!
snmp-server community public RW
snmp-server location Toronto Location A, Main Server Room
snmp-server contact Dan DiNicolo
snmp-server enable traps
snmp-server host 192.168.1.21 traps public
!
line con 0
transport input none
line aux 0

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.